Key Points Summary:

The library will state the purpose of collecting personal information and will obtain consent for its use with exception of consent implied by obtaining a library card.

The library will strive to maintain updated and current personal information, collect only what is necessary, and establish safeguards to protect unauthorized access.

The library will not share, use or disclose personal information except with the consent of the individual, through exceptions in this policy or as required by law.

The library will ensure that its privacy policy is enforced by all library staff and any organization that may have legitimate access to this information to provide service.

Library customers have the right to access their personal information, provide or decline consent, maintain accuracy, request clarification or challenge practices.

Definitions:

Personal information: identifiable information about an individual such as name, phone, address, email, date of birth, financial transaction, etc. Exceptions such as personal information in context of doing business, or persons deceased for over 30 years, etc. are defined in the Act.

Spam: an electronic message sent without explicit or implied consent of the recipient

The library collects personal information under the authority of the Municipal Freedom of Information and Protection of Privacy Act for the purpose of conducting the library’s business, which may include fines, holds, overdue notices, fundraising and programs.

Accountability: The library will ensure that its privacy policy is enforced by all library staff members as well as third party organizations or agencies that have legitimate access to such information in support of conducting the library’s business.

Questions regarding the collection and use of personal information can be directed to: Chief Librarian, Hamilton Public Library, P.O. Box 2700, Hamilton, ON L8N 4E4.

Identifying Purpose: The library will clearly state the purpose for collecting any personal information before such information is collected and will obtain consent for that use.

Consent: Obtaining a library card implies the individual’s consent to authorize the library to collect personal information for the purpose of conducting the library’s business, which may include fines, holds, overdue notices, fundraising and programs.

The possession of a library card, overdue notice or collection letter by another person implies written consent for the holder to pay fines or pick up materials on behalf of the card owner but does not allow access to any personal records. Individuals can provide consent for another person to access their records by signing a consent form.

Any individual may choose not to allow the collection of their personal information, although such an action may affect their ability to use the affected library services.

Limiting Collection: Personal information shall be collected using only legal and lawful means and its collection, use and storage will be limited to that which is only necessary to conduct business for the purposes identified by the library.

Use and Disclosure: Personal information shall not be shared, used or disclosed for purposes other than that for which it was collected, except with the consent of the individual, exceptions in this policy or as required by law.

Personal information may be shared with agencies and companies working within the scope of their duties on behalf of the library and in compliance with this policy.

Personal information, including borrowing and transaction history, shall not be disclosed to another person unless to a parent or legal guardian, who is listed as the guardian responsible, for a person who is less than 16 years of age, or where a written signed consent form is provided.

Staff must honour court orders issued by a judge that require the release of personal information. With approval of the Chief Librarian, staff may also disclose personal information in compassionate circumstances, to facilitate contact with the next of kin or a friend of an individual who is injured, ill or deceased.

Any disclosures to law enforcement officials or in compassionate circumstances must be reported to the Library Board, without identifying the individual concerned.

Retention: Personal information shall be retained only for the period of time required to fulfill the purposes for which it was collected. Retention periods about an individual’s borrowing history and transactions are defined in the Borrowing Policy.

Accuracy: Personal information shall be as accurate, complete and up-to-date as is necessary to fulfill the purpose for which it is collected.

The library will update customer information and ensure that the collection, storage and disposal of information are carried out in a manner that conforms to legislation. The Borrowing Policy defines card renewal frequency to update personal information.

Customers are responsible for identifying changes in personal information such as name, address or contact information to maintain the accuracy of their information.

Customers may challenge the accuracy of personal information collected and may request staff to correct it, however, some information may require supporting evidence.

Safeguards: Personal information shall be protected from unauthorized access by safeguards that are appropriate for the sensitivity of the information collected.

Customers should report immediately any lost or stolen library cards to reduce the potential of unauthorized access to their records and protect their information.

Openness: The policy will be accessible to the public on the library’s web site. The library shall answer any individual’s questions about the uses of specific information and about specific practices, ensuring that practices abide by this policy.

Individual Access: The library shall allow customers to see personal information about themselves. Parents or legal guardians, who are listed as the responsible person for the child, may obtain information about their child’s account until they turn 16 years.

Challenging Compliance: Any library customer who feels their privacy has not been protected may challenge library practices through the Chief Librarian. A library customer who, after such a challenge, is not satisfied with the result, may appeal to the Library Board, maintaining either that the current policy has been violated or that the current policy needs to be changed in order to address a perceived issue.

Research: The library may, on occasion, permit valid research which may include the use of customer library records. Any research that is conducted by an outside agency must be approved by an appropriate research ethics board. Any personal information that may be used under approved terms of an authorized research agreement will be destroyed before publication of any research results. Any such research that would be conducted will be governed by this policy.

Electronic Communication: The library will ensure that all electronic messages clearly identify the subject of communication, the Hamilton Public Library is identified as the sender, and that the library’s mail address and contact information is available.

Obtaining a library card implies the individual’s consent to authorize the library to send electronic notifications regarding personal borrowing and transaction activities using their preferred method. Individuals may request not to receive notifications although such an action may affect their ability to use the affected library services.

The library may, at times, use electronic means to promote services, share information, or announce special events. The library will seek the individual’s consent before sending promotional electronic messages. The library will provide options to individuals to easily unsubscribe from the services or change their preferences at any time.

Design Principles: The library will apply Privacy by Design principles in technology, business practices and physical design to protect customer privacy when conducting library business to provide services to the public.